It’s very common for an Authorization Server to also be the Resource Server, usually exposing an API to
let others access its own resources. Django OAuth Toolkit implements an easy way to protect the views of a Django
application with OAuth2, in this tutorial we will see how to do it.

We start where we left the part 1 of the tutorial: you have an authorization server and we want it
to provide an API to access some kind of resources. We don’t need an actual resource, so we will simply expose an
endpoint protected with OAuth2: let’s do it in a class based view fashion!

Django OAuth Toolkit provides a set of generic class based view you can use to add OAuth behaviour to your views. Open
your views.py module and import the view:

For a quick test, try accessing your app at the url /api/hello with your browser
and verify that it responds with a 403 (in fact no HTTP_AUTHORIZATION header was provided).
You can test your API with anything that can perform HTTP requests, but for this tutorial you can use the online
consumer client.
Just fill the form with the URL of the API endpoint (i.e. http://localhost:8000/api/hello if you’re on localhost) and
the access token coming from the part 1 of the tutorial. Going in the Django admin and get the
token from there is not considered cheating, so it’s an option.